From: jstebbins Date: Tue, 12 Oct 2010 16:44:04 +0000 (+0000) Subject: fix heap corruption after avpicture_deinterlace X-Git-Tag: 0.9.5~136 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ab1f5c7298d8f6d0ef7ee949f41d3053035ee442;p=handbrake fix heap corruption after avpicture_deinterlace I don't know when this started happening (or if it has always been a problem). If the deinterlace buffer is not a multiple of 8, avpicture_deinterlace corrupts the heap. git-svn-id: svn://svn.handbrake.fr/HandBrake/trunk@3598 b64f7644-9d1e-0410-96f1-a4d463321fa5 --- diff --git a/libhb/hb.c b/libhb/hb.c index f7489c162..e26c8e659 100644 --- a/libhb/hb.c +++ b/libhb/hb.c @@ -616,19 +616,20 @@ void hb_get_preview( hb_handle_t * h, hb_title_t * title, int picture, AVPicture pic_in, pic_preview, pic_deint, pic_crop, pic_scale; struct SwsContext * context; int i; + int deint_width = ((title->width + 7) >> 3) << 3; int rgb_width = ((job->width + 7) >> 3) << 3; int preview_size; swsflags = SWS_LANCZOS | SWS_ACCURATE_RND; buf1 = av_malloc( avpicture_get_size( PIX_FMT_YUV420P, title->width, title->height ) ); - buf2 = av_malloc( avpicture_get_size( PIX_FMT_YUV420P, title->width, title->height ) ); + buf2 = av_malloc( avpicture_get_size( PIX_FMT_YUV420P, deint_width, title->height ) ); buf3 = av_malloc( avpicture_get_size( PIX_FMT_YUV420P, rgb_width, job->height ) ); buf4 = av_malloc( avpicture_get_size( PIX_FMT_RGB32, rgb_width, job->height ) ); avpicture_fill( &pic_in, buf1, PIX_FMT_YUV420P, title->width, title->height ); avpicture_fill( &pic_deint, buf2, PIX_FMT_YUV420P, - title->width, title->height ); + deint_width, title->height ); avpicture_fill( &pic_scale, buf3, PIX_FMT_YUV420P, rgb_width, job->height ); avpicture_fill( &pic_preview, buf4, PIX_FMT_RGB32,